[
https://issues.apache.org/jira/browse/TINKERPOP-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435652#comment-16435652
]
ASF GitHub Bot commented on TINKERPOP-1912:
-------------------------------------------
Github user spmallette commented on the issue:
https://github.com/apache/tinkerpop/pull/836
I think this looks right. We only care about dropping md5 from the
dev/release directories for official apache releases:
VOTE +1
> Remove MD5 checksums
> --------------------
>
> Key: TINKERPOP-1912
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1912
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.2.7
> Reporter: Daniel Kuppitz
> Assignee: Daniel Kuppitz
> Priority: Minor
>
> Apache is asking to remove MD5 checksums from releases.
> *Old policy:*
> * MUST provide a MD5-file
> * SHOULD provide a SHA-file [SHA-512 recommended]
> *New policy:*
> * MUST provide a SHA- or MD5-file
> * SHOULD provide a SHA-file
> * SHOULD NOT provide a MD5-file
> Providing MD5 checksum files is now discouraged for new releases, but still
> allowed for past releases.
> *Why this change:*
> * MD5 is broken for many purposes ; we should move away from it.
> [https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]
> *Impact for PMCs:*
> * _*for new releases:*_
> ** please do provide a SHA-file (one or more, if you like)
> ** do NOT provide a MD5-file
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
